Single DNS Domain with Internet Connection and Separate Gateway
Although the previous section describes a completely valid sendmail configuration, it is often desirable to separate the function of the mail hub from the mail gateway. This separation enables you to put the mail hub inside a protective firewall, shielding it from direct attacks on sendmail. You would put the gateway on the firewall's DMZ network (preferred) or outside the firewall. In this way, you can monitor any attacks on the gateway. If compromised, the gateway has only its sendmail configuration file stored on it.
The following example still uses the starlight.com domain with three sendmail configuration files to implement this change.
One for the gateway named gw.starlight.com ...